Google Android vulnerabilities

CVE-2018-9386 [MEDIUM] CWE-787 CVE-2018-9386: In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow du In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9398 [MEDIUM] CWE-787 CVE-2018-9398: In fm_set_stat of mediatek FM radio driver, there is a possible OOB write due to improper input In fm_set_stat of mediatek FM radio driver, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9397 [MEDIUM] CWE-787 CVE-2018-9397: In WMT_unlocked_ioctl of MTK WMT device driver, there is a possible OOB write due to a missing b In WMT_unlocked_ioctl of MTK WMT device driver, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9390 [MEDIUM] CWE-125 CVE-2018-9390: In procfile_write of gl_proc.c, there is a possible out of bounds read of a function pointer du In procfile_write of gl_proc.c, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9407 [MEDIUM] CWE-125 CVE-2018-9407: In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. This could lead to Information Disclosure of kernel data.

CVE-2018-9403 [MEDIUM] CWE-787 CVE-2018-9403: In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_- interface.c, there is a possibl In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_- interface.c, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege in a privileged process with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9391 [MEDIUM] CWE-787 CVE-2018-9391: In update_gps_sv and output_vzw_debug of vendor/mediatek/proprietary/hardware/connectivity/gps/g In update_gps_sv and output_vzw_debug of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/gpshal_wor ker.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9439 [MEDIUM] CWE-416 CVE-2018-9439: In __unregister_prot_hook and packet_release of af_packet.c, there is a possible use-after-free In __unregister_prot_hook and packet_release of af_packet.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2017-13308 [MEDIUM] CWE-120 CVE-2017-13308: In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow i In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9399 [MEDIUM] CWE-787 CVE-2018-9399: In /proc/driver/wmt_dbg driver, there are several possible out of bounds writes. These could lea In /proc/driver/wmt_dbg driver, there are several possible out of bounds writes. These could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9400 [MEDIUM] CWE-787 CVE-2018-9400: In gt1x_debug_write_proc and gt1x_tool_write of drivers/input/touchscreen/mediatek/GT1151/gt1x_g In gt1x_debug_write_proc and gt1x_tool_write of drivers/input/touchscreen/mediatek/GT1151/gt1x_generic.c and gt1x_tools.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9408 [MEDIUM] CWE-125 CVE-2018-9408: In m3326_gps_write and m3326_gps_read of gps.s, there is a possible Out Of Bounds Read due to a In m3326_gps_write and m3326_gps_read of gps.s, there is a possible Out Of Bounds Read due to a missing bounds check. This could lead to a local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9404 [MEDIUM] CWE-190 CVE-2018-9404: In oemCallback of ril.cpp, there is a possible out of bounds write due to an integer overflow. T In oemCallback of ril.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9462 [MEDIUM] CWE-787 CVE-2018-9462: In store_cmd of ftm4_pdc.c, there is a possible out of bounds write due to an incorrect bounds c In store_cmd of ftm4_pdc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9463 [MEDIUM] CWE-787 CVE-2018-9463: In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there is a possible out of bounds write In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9395 [MEDIUM] CWE-787 CVE-2018-9395: In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/me In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9393 [MEDIUM] CWE-787 CVE-2018-9393: In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a pos In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9392 [MEDIUM] CWE-787 CVE-2018-9392: In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, the In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9396 [MEDIUM] CWE-787 CVE-2018-9396: In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possib In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9394 [MEDIUM] CWE-787 CVE-2018-9394: In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, there is In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.